1 Answer
1

Yes, any computation can be evaluated. This is achieved by representing the functionality to be computed as an arithmetic circuit (not a garbled circuit) that consists of addition and multiplication gates. The addition gate can be evaluated by the parties locally because the shares are additively homomorphic. The multiplication gates can be evaluated by the parties interactively.

$\begingroup$Shamir-secret sharing is an additively homomorphic secret sharing, meaning that if secrets $a$, $b$ are shared into shares $a_1,...,a_n$, $b_1,b_n$, then you can obtain shares $c_1=a_1+b_1,..., c_n=a_n+b_n$ such that $c_1,...,c_n$ are the shares of value $c=a+b$. It can also be used in MPC to compute any function.$\endgroup$
– Changyu DongSep 4 '18 at 8:38

$\begingroup$I'm sorry that my question was really stupid. So, for example, SPDZ does not use Shamir Secret Sharing. Are you aware of when and when not to use a particular secret sharing scheme?$\endgroup$
– malleaSep 4 '18 at 15:01

$\begingroup$It is up to you to select, depending on your requirement. For example, Shamir secret sharing offers t out of n threshold reconstruction, meaning that any $t$ shares allows to recover the secret. So you can tolerate up to $n-t$ share loss and still do the computation/get the result. While the simple mod addition based secret sharing requires all $n$ shares to recover the secret. On the other hand, it's more efficient in computation than Shamir usually.$\endgroup$
– Changyu DongSep 4 '18 at 16:20